Common Fields

These fields appear in the syslog message for all protocols.

id.orig_h

The client IP address involved in a connection.

id.orig_p

The client TCP or UDP port used for a connection.

id.resp_h

The server IP address involved in a connection.

id.resp_p

The server TCP or UDP port used for a connection.

pkt_num

The packet number within a network flow.

tenant_id

The identifier for a tenant associated with an event.

ts

The timestamp of the packet that triggered the log record. This indicates when the event occurred.

uid

A unique connection ID that enables you to correlate log records related to the same network flow.
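The following sketch shows how the `uid` field can be used to correlate records, ordering each flow by `ts` and `pkt_num`. It is an added example, not code from the product this page documents. It assumes the fields arrive as a JSON object after the syslog header and that `ts` is in epoch seconds, neither of which the page specifies; the sample messages, the `sensor1`/`flowlog` header and all values are constructed.

```python
import json
from collections import defaultdict

# Constructed sample messages (assumed encoding: JSON object after the syslog
# header, ts as epoch seconds). The last line is deliberately truncated.
HDR = "<14>Jan 10 12:00:00 sensor1 flowlog: "
SAMPLE_LINES = [
    HDR + '{"ts": 1704888003.2, "uid": "CAbc123", "tenant_id": "t-01", "pkt_num": 7, "id.orig_h": "10.0.0.5", "id.orig_p": 49152, "id.resp_h": "192.0.2.10", "id.resp_p": 443}',
    HDR + '{"ts": 1704888001.0, "uid": "CAbc123", "tenant_id": "t-01", "pkt_num": 1, "id.orig_h": "10.0.0.5", "id.orig_p": 49152, "id.resp_h": "192.0.2.10", "id.resp_p": 443}',
    HDR + '{"ts": 1704888002.5, "uid": "CXyz789", "tenant_id": "t-01", "pkt_num": 3, "id.orig_h": "10.0.0.9", "id.orig_p": 50000, "id.resp_h": "198.51.100.7", "id.resp_p": 53}',
    HDR + '{"ts": 17048',
]

def parse_record(line):
    """Return the field dict from one message, or None if the body is unusable."""
    start = line.find("{")
    if start == -1:
        return None
    try:
        rec = json.loads(line[start:])
    except json.JSONDecodeError:
        return None  # truncated or corrupted message: skip, do not guess
    return rec if isinstance(rec, dict) and "uid" in rec else None

def correlate(lines):
    """Group records by (tenant_id, uid); order each flow by ts, then pkt_num."""
    # tenant_id is part of the key as a precaution (assumption: the page does
    # not state whether uid values are unique across tenants).
    flows = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec is not None:
            flows[(rec.get("tenant_id"), rec["uid"])].append(rec)
    for recs in flows.values():
        recs.sort(key=lambda r: (r.get("ts", 0), r.get("pkt_num", 0)))
    return dict(flows)

def flow_summary(recs):
    """Summarize one correlated flow: endpoints, time span, record count."""
    first, last = recs[0], recs[-1]
    return {
        "client": f'{first["id.orig_h"]}:{first["id.orig_p"]}',
        "server": f'{first["id.resp_h"]}:{first["id.resp_p"]}',
        "first_ts": first["ts"],
        "last_ts": last["ts"],
        "records": len(recs),
    }
```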